If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Enjoy an ad free experience by logging in. Not a member yet? Register.

IMO this is more work than you need. Sha256 would be 2^256 chance for collision, which is, well very high. I'm not a cryptographic expert by any far stretch of the imagination, but best I know sha256 has not been compromised as of yet. I wouldn't go to any effort to chop the strings up.
The ordering isn't desirable though. You have a salt and pepper that are added after the hash, which means that all passwords start and end with the same sequence. Instead, use hash('sha256', $salt . $password . $pepper); where salt and pepper could be anything, even a single byte that add uniqueness to the password. So two users with the passwords 'apassword' don't end up with the same password within storage.
Cutting the string up isn't all that helpful overall. If software is compromised as well, than the pattern is a standard sequence in order to reassemble it. Since you cannot randomize it, you would either need to do pattern reassembly for it based on offset sequence, or you would need to calculate reassignment based on values. The latter is pretty much what the hashing algorithms are doing anyways.
BTW, if you want to split that up, create an array instead using str_split instead.

PHP Code:

header('HTTP/1.1 420 Enhance Your Calm');

Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

IMO this is more work than you need. Sha256 would be 2^256 chance for collision, which is, well very high. I'm not a cryptographic expert by any far stretch of the imagination, but best I know sha256 has not been compromised as of yet. I wouldn't go to any effort to chop the strings up.
The ordering isn't desirable though. You have a salt and pepper that are added after the hash, which means that all passwords start and end with the same sequence. Instead, use hash('sha256', $salt . $password . $pepper); where salt and pepper could be anything, even a single byte that add uniqueness to the password. So two users with the passwords 'apassword' don't end up with the same password within storage.
Cutting the string up isn't all that helpful overall. If software is compromised as well, than the pattern is a standard sequence in order to reassemble it. Since you cannot randomize it, you would either need to do pattern reassembly for it based on offset sequence, or you would need to calculate reassignment based on values. The latter is pretty much what the hashing algorithms are doing anyways.
BTW, if you want to split that up, create an array instead using str_split instead.

so how do the big boys do this, For instance you never hear Google or high end banks getting hacked.

They spend mega-bucks on having full time staff monitoring their systems, having the best in the field working for them, employing slightly more staff than they actually need across multiple sites and generally having more human brain power than the one or three man hacking team.